Malware

McAfee Report 2014: Risk of Cyber Crime as a Service and Mobile Malware

As computer professionals, we are all aware of the term “as a service” – most commonly used in cloud computing terminology to indicate software, infrastructure or platforms being used as part of an on-demand service. This model is used successfully by organisations across the globe to trade commodity IT and services as and when required. However, the latest report by McAfee identifies this as one of the newest methods for selling cyber crime, Cyber Crime as a Service (CaaS).

The latest report from McAfee suggests that the point-of-sale (PoS) credit card breaches that occurred last year, mostly notably the mass loss of customer records at Target, may have occurred through malware purchased from a Cybercrime as a Service offering on the black market. According to McAfee’s reports, this type of service purchasing is becoming a more common occurrence, and those interested in a career as a cyber criminal can simply purchase off-the-shelf malware and malicious code to conduct their own type of criminal activity online. This type of activity is alarming for the future, as more cyber criminals become aware of the ease of purchasing malware that can quite simply make them millions through scams such as that undertaken against Target.

Target were the victims of a mass data breach, where 40 million customer details were stolen

In Targets case, the type of malware purchased was called BlackPOS – a type of malware that is used against point of sale terminals to clone credit card strips and extract customer data. Hackers were able to purchase BlackPOS “off the shelf” and modify it to their needs in order to successfully carry out a scam such as this. Following lengthily analysis with different agencies, McAfee were able to identify the type of code used to extract data such as user accounts and domain names from the cards and feed it back to the hackers (shown below).

Code used to extract data from victims

Extracted data is sent back to the attackers

Once obtained, the hackers were able to sell the stolen credit card information on an anonymous, virtual currency based point of sale black markets. The hackers could sell batches of data for millions in an anonymous fashion and all of this made possible via the malware purchased from cyber crime as a service offerings. In the case of Target, a reported 40 million (70 million reported in January) credit card numbers were reported stolen and being sold in batches of 1-4 million on black market sites. The ease of purchasing malware as powerful as this is quite extraordinary, and the web provides places for this type of data to be sold anonymously for large amounts of cash – a gold mine for any cyber criminal.

McAfee also reported on the state of mobile malware – an area that is rising considerably over the years. Referred to as “malware zoo”, McAfee report that mobile malware is up 197% compared to the same quarter a year ago – a number that is not ceasing up. McAfee continued to report that 2.47 million new samples of mobile malware have been collected in 2014, with 744k in Q4 alone. Although a singular platform is not singled out, as has been previously suggested, Android is the most popular among mobile malware distributors – contributing to over 90% of mobile malware incidents.

The spread of mobile malware is very similar to that of other devices, apps, browsing online and email all contribute to the circulation of mobile malware – see our post on web ads most popular mobile malware attack to find out more.